ansible linux patching

A while ago because of Windows SMB protocol vulnerability, manually to Windows patching, tired sleep does not love.After the research, find out the simple method, use the ansible to carry on the batch operation, avoids the artificial complexity.Windows patch Download Web siteHttps://www.catalog.update.microsoft.com/Search.aspxDownload a KB4025337 and get the link:$ wget http://download.windowsupdate.com/c/m

Q: Why do you want to find a different, why patch?A:In Linux applications, as DBAs, we know that MySQL runs on the Linux system, the most important pursuit of database is performance,"stability" is the weight of the heavy, so can not be changed in the system or change it, this time unless it is a last resort, otherwise it is On the original basis to change the line, that is, to the kernel and download some

, which device problem, unimpeded. Recently, the boss used root user to compile Qtopia in Rhel, and there was an issue with g++ error:g++: Error trying to exec ' cc1plus ': execvp:no such file or directoryWe think for a long time, get a non-authoritative explanation: Rhel does not allow root to compile Qtopia, with ordinary users do not have this problem.Background of this article:1, practice making patches and patching;2, the previous program code li

*****************************************************************************4th Step: Execute the patch command repeatedly.*****************************************************************************Execute the following command:For I in 3 4 5; DoPatch-p0 DonewhichPatch-p0 The command acts on the input patch file and upgrades all files and subdirectories in the corresponding old version of the kernel source code to the corresponding new version (in our case, the old version of the kernel sourc

if the VSFTPD service on the managed machine starts automatically [[emailprotected] ~]# ansible lanzhiyong-m shell-a ' Systemctl is-enabled vsftpd ' 192.168.209.13 | SUCCESS | Rc=0 >>enabled//Setting up the VSFTPD service on the managed machine boot up automatically [[emailprotected] ~]# ansible lanzhiyong-m service-a ' name=vsftpd Enabled=yes ' 192.168.209.13 | SUCCESS = {"Changed": false, "Enabled": TRUE

service-a ' NAME=VSFTPD Enabled=yes ' 192.168.56.123 | SUCCESS = {"Changed": True, "Enabled": True, "name": "Vsftpd", "status": {...//check if the VSFTPD service on the managed machine is powered on from [[EM Ailprotected] ~]# ansible abc-m shell-a ' systemctl is-enabled vsftpd ' 192.168.56.123 | SUCCESS | Rc=0 >>enabled... Stop the VSFTPD service on the managed machine [[emailprotected] ~]# ansible abc-m

In the first half of this year, we were working on a carrier project. The device specification was written by large manufacturers such as ZTE and Huawei, which had requirements for hot Patching. The operator has high requirements on the running time of the device, so it does not need to restart the program to change a small problem. So there is a hot Patching requirement: requires that the program can chang

* () function to initiate a DNS request that converts the host name to an IP address.Vulnerability HazardThis vulnerability could result in remote code execution, which could allow an attacker to gain full control of the system.Proof of vulnerabilityIn our tests, we wrote a POC, and when we sent a well-structured email to the server, we were able to get the shell of the remote Linux server, bypassing all the protections currently on 32-bit and 64-bit

The three ping pass is to be able to transfer files.The No. 0 Lesson 5th Section _ Just contact the development Board's u-boot to build the use and constructs the Sourceinsight project:Uboot hit Patch: Uboot source code is not used in 2440, hit the patch can be used in 2440 (inside the virtual machine configuration, specifically used to Ls,cd,tar XJF u-boot-1.1.6 instructions), extracted and so on, forget to watch the video.SOURCE Insight Project: Operating software, easy to see Uboot source cod

[sizeof (temp.buffer)];memset (name, ' 0 ', Len);Name[len] = ' + ';retval = gethostbyname_r (name, resbuf, Temp.buffer, sizeof (Temp.buffer), result, herrno);if (strcmp (temp.canary, canary)! = 0) {puts ("vulnerable");exit (exit_success);} if (retval = = erange) {puts ("not vulnerable");exit (exit_success);} puts ("should not Happen");exit (exit_failure);} And then compile the execution#gcc check_yl.c-o cve-2015-0235./cve-2015-0235If the result of the output is:vulnerableIndicates that the syste

"‘(51) Delete a scheduled taskansible web_server -m cron -a ‘name="a job for reboot" state=absent‘(52) Mount Partitionansible web_server -m mount -a ‘name=/data src=/dev/sdb1 fstype=ext4 opts=rw state=mounted‘(53) Unmount partitionansible web_server -m mount -a ‘name=/data state=unmounted‘(54) Ensure that a partition is mounted and mounted if it is notansible web_server -m mount -a ‘name=/data src=/dev/sdb1 fstype=ext4 state=present‘For more information on playbook, please continue to follow my

protected] ~]# cat Useradd.yaml #查看内容-Hosts:webserver #定义主机组User:root #远程链接用户VARsUser:jerry #添加的用户名tasks: #任务-Name:add User #任务名称Action:user name={{User}} PASSWORD=-LUVLRZEXUGHM shell=/bin/bash home=/home/{{user}} #指定用户相关的信息 password must be a ciphertext salt encrypted login Shel L Host Directory3. Execute the Yaml file[Email protected] ~]# Ansible-playbook Useradd.yamlSuccess Client node Validation[Email protected] ~]#

Bash how to deal with the problem of security vulnerabilityOne: Vulnerability descriptionThe vulnerability stems from the special environment variables created before the bash shell that you invoke, which can contain code and be executed by bash.II: Software and systems identified for successful useAll Linux operating systems that install the version of Gun bash are less than or equal to 4.3.Three: Vulnerability detection method[Email protected] ~]# b

Tags: Linux automated operation and maintenance ansibleObjectiveThe development direction of operations, centralization, automation, standardization, virtualization, distributed.This article shows a tool for automating the development of operations: Ansible. Ansible has many advantages, only need ssh and Python can be used, do not need the client, powerful, modul

defined in the Hosts file remote_user:root //users running this task tasks: ///should be a task -name:taks_name//Task Name moudule_name:args[1]=?args[2]=? ..... //parameter, which is the-a option in the command ignore _errors:true//Ignore Errors notify: //if not changed the following events will not occur -handerls_name handlers:// The implementation performs the specified action once the change has completed, such as changing the configuration file and starting the service from the new one

Ansible-Bulk Linux management tools"Ansible is easy it Automation"--simple automated IT tools. Batch execution of commands on a remote server Automating the deployment of apps Automation Management Configuration Items Automated Cloud service Management Install (Ubuntu)Rely on SSH and python Apt-get Install

From http://blog.chinaunix.net/uid-20642150-id-4096719.htmlansible-Batch Linux management toolsHttps://github.com/ansible/ansibleInadvertently see this project, feel very similar to puppet, take the time to understand, found is very good, and support the use of Python to add their own modules, very simple.and relatively speaking, Ansible has the following advanta

.hccos.cn #172.16.0.91hctjosk8sslave02.hccos.cn #172.16.0.92hctjcephblock01.hccos.cn #172.16.0.93hctjcephblock02.hccos.cn #172.16.0.94hctjosk8snode01.hccos.cn #172.16.0.95hctjosk8snode02.hccos.cn #172.16.0.96hctjosk8snode03.hccos.cn #172.16.0.97hctjosk8snode04.hccos.cn #172.16.0.98hctjosadm01.hccos.cn #172.16.0.99hctjosmysql01.hccos.cn #172.16.0.25hctjosmysql02.hccos.cn #172.16.0.26hctjosmysql03.hccos.cn #172.16.0.27hctjoscache01.hccos.cn #172.16.0.45hctjoscache02.hccos.cn #172.16.0.46hctjoscach

]192.168.2.220192.168.2.221192.168.2.222192.168.2.223192.168.2.224Eof[[email protected]084-monitor ansible]# ansible aa-m command-a' Free'192.168.2.224| Success | Rc=0>>Total used Freeshared buffers Cachedmem:1020132 953112 67020 0 134156 541024-/+ Buffers/cache:277932 742200Swap:1675256 6260 1668996192.168.2.223| Success | Rc=0>>Total used Freeshared buffers Cachedmem

Today, the Linux system is installed on ansible by Red Hat Enterprise Linux Server release 6.5 (Santiago). Because the source of the system is a Yum source, install with yum install ansible, but error: (This error is that the Yum source is not registered with the Red Hat system.) Yum s